Escape html characters in post flairs (#247)

* Encode HTML characters in flairs

* Encode HTML characters in flairs

* Use esc! macro for HTML escaping

Co-authored-by: spikecodes <19519553+spikecodes@users.noreply.github.com>
accountForIssues 2021-07-19 19:15:15 +02:00 committed by GitHub
parent e571cc3b1e
commit be253d40dd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -39,7 +39,7 @@ impl FlairPart {
Self { Self {
flair_part_type: value("e").to_string(), flair_part_type: value("e").to_string(),
value: match value("e") { value: match value("e") {
"text" => value("t").to_string(), "text" => esc!(value("t")).to_string(),
"emoji" => format_url(value("u")), "emoji" => format_url(value("u")),
_ => String::new(), _ => String::new(),
}, },
@ -568,27 +568,17 @@ pub fn val(j: &Value, k: &str) -> String {
j["data"][k].as_str().unwrap_or_default().to_string() j["data"][k].as_str().unwrap_or_default().to_string()
} }
// Escape < and > to accurately render HTML
#[macro_export] #[macro_export]
macro_rules! esc { macro_rules! esc {
($f:expr) => { ($f:expr) => {
$f.replace('<', "&lt;").replace('>', "&gt;") $f.replace('&', "&amp;").replace('<', "&lt;").replace('>', "&gt;")
}; };
($j:expr, $k:expr) => { ($j:expr, $k:expr) => {
$j["data"][$k].as_str().unwrap_or_default().to_string().replace('<', "&lt;").replace('>', "&gt;") $j["data"][$k].as_str().unwrap_or_default().to_string().replace('<', "&lt;").replace('>', "&gt;")
}; };
} }
// Escape < and > to accurately render HTML
// pub fn esc(j: &Value, k: &str) -> String {
// val(j,k)
// // .replace('&', "&amp;")
// .replace('<', "&lt;")
// .replace('>', "&gt;")
// // .replace('"', "&quot;")
// // .replace('\'', "&#x27;")
// // .replace('/', "&#x2f;")
// }
// //
// NETWORKING // NETWORKING
// //
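Review bot: The two arms of `esc!` now escape different character sets: the single-expression arm gains `.replace('&', "&amp;")`, while the `($j, $k)` arm still replaces only `<` and `>`, so the same macro gives different guarantees depending on how it is called. If the JSON fields read by the second arm arrive already entity-encoded, the difference may be deliberate, but nothing on the page says so; either add the `&` replacement there as well or state the reason in a comment next to that arm. Neither arm escapes `"` or `'`, so the output is safe only as element text and not inside a quoted attribute value. It is worth confirming where the flair `value` is rendered, and that the `"emoji"` branch's `format_url(value("u"))` result is attribute-safe, since the templates are not shown and the `FlairPart` constructor starts and ends outside the first hunk. The comment above the macro should also say what is actually covered, for example `// Escape &, < and > for HTML text content only; quotes are NOT escaped, do not use in attribute values`.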